Why Data Breaches Take So Long to Detect — And How You Can Protect Yourself
To the average consumer, it seems like a data breach should be easy to spot. Some might even imagine alarms, sirens, flashing lights — something dramatic to indicate that data is flying out the door unexpectedly. The truth is, though, that data breaches are generally much quieter, often happening right under security teams' noses for days, weeks, even months before attracting notice. The result? Customers who shopped in particular stores as many as six months earlier could be affected by a breach.
Not all data breaches are the same, and the means of discovery isn't always the same. In some cases, such as the recent Home Depot breach, the problem is revealed when the stolen information surfaces on the black market or somewhere else it shouldn't be. Sometimes, an eagle-eyed security pro spots an anomaly and decides to investigate. Sometimes, a third-party audit leads to the discovery of the breach. Because detecting a breach is an inexact science, it can take some time to spot a problem.
The human element of data breach detection is not the only reason that breaches take so long to find. Several other factors make it hard to find and close them.
Cyber criminals who launch attacks designed to steal information aren’t generally amateur hackers fooling around in their parents’ basements. High-level criminals are intelligent, sophisticated, and well-funded — and skilled at exploiting any type of security lapse they can. Many data breaches start with zero-day exploits, which take advantage of security loopholes that have not yet been discovered. When hackers find the loophole before the company’s security team does, they will use it to inject malware or find another way to access the network. Once they gain access to what they want, they cover their tracks — and create more openings to ensure future access. How do they cover their tracks? In most cases, by making the information they are stealing appear to be regular network traffic. For example, they may disguise the data they are stealing as a Microsoft Word or Excel file, which probably won’t raise any eyebrows as it’s transmitted over the corporate network. As long as the exploits go undetected as well, the criminals can continue stealing information.
A False Sense of Security
Many businesses do not take necessary precautions to protect their networks because they erroneously believe that they have nothing of value to a hacker. However, if your business is a vendor to a larger business, you could be a target of hackers. The major breach of Target, for example, was traced back to an air conditioning vendor, which was hacked and then used as a means to access Target’s systems. In fact, many businesses that experience cyber attacks aren’t actually the intended victims, which only underscores the importance of strong network security with real-time protection that uses the latest data to block zero-day exploits and other suspicious behavior.
Because the process of identifying and closing breaches is imperfect and can take time, consumers need to protect themselves and learn to identify the signs of a potential breach. At minimum, you should:
• Carefully review your statements regularly to spot any unusual activity. Criminals often make a series of small purchases to test that a card works before stealing larger amounts.
• Use cash. If possible, make purchases with cash instead of debit cards, or use credit cards, which have higher levels of fraud protection.
• Limit the amount of information you share.
• If you own a business, make network security a priority. Use the most advanced protection systems, and educate employees on how to protect data.
As long as information is stored in databases and shared over networks, there will be people trying to protect it — and even more people trying to steal it. The next time you hear about a breach, though, don’t be surprised if it started several months before the announcement.